Azure / azure-functions-docker

This repo contains the base Docker images for working with Azure Functions
MIT License

CVE-2023-29337 in azure-functions-host #922

Open atpoirie opened 1 year ago

atpoirie commented 1 year ago

Using image python:4-python3.10-appservice, started seeing CVE-2023-29337, marked high, being identified in reference to nuget.protocol and nuget.common in the file /azure-functions-host/Microsoft.Azure.WebJobs.Script.WebHost.deps.json.

Not sure if this belongs on the azure functions docker side, azure functions host side, or both.

Vulnerability is new, but assuming other commercial entities will start reporting the same when their deployments become blocked.
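For triaging a finding like the one reported above, this added example (not part of the thread or of the Azure Functions code) reads a .NET `deps.json` and reports which version of each flagged package is listed and which entries pull it in, which helps decide whether the fix belongs to the host or the image. The function names are hypothetical and the sample data, including its version numbers, is constructed.

```python
import json

# Constructed sample in the .NET deps.json layout; names and versions are made up.
SAMPLE_DEPS = json.loads("""
{
  "targets": {
    ".NETCoreApp,Version=v6.0": {
      "Example.Host/1.0.0": {"dependencies": {"NuGet.Protocol": "1.2.3"}},
      "NuGet.Protocol/1.2.3": {"dependencies": {"NuGet.Common": "1.2.3"}},
      "NuGet.Common/1.2.3": {},
      "Other.Lib/2.0.0": {}
    }
  },
  "libraries": {
    "Example.Host/1.0.0": {"type": "project"},
    "NuGet.Protocol/1.2.3": {"type": "package"},
    "NuGet.Common/1.2.3": {"type": "package"},
    "Other.Lib/2.0.0": {"type": "package"}
  }
}
""")

def find_packages(deps, names):
    """Return {package: {"version", "type", "required_by"}} for the named packages."""
    wanted = {n.lower() for n in names}
    found = {}
    # "libraries" keys have the form "<PackageName>/<version>".
    for key, meta in deps.get("libraries", {}).items():
        name, _, version = key.partition("/")
        if name.lower() in wanted:
            found[name] = {"version": version, "type": meta.get("type"), "required_by": []}
    by_lower = {n.lower(): n for n in found}
    # "targets" records, per entry, the packages it depends on directly.
    for target in deps.get("targets", {}).values():
        for key, entry in target.items():
            for dep in entry.get("dependencies", {}):
                if dep.lower() in by_lower:
                    found[by_lower[dep.lower()]]["required_by"].append(key)
    return found

def load_and_find(path, names=("nuget.protocol", "nuget.common")):
    """Run the lookup against a deps.json file copied out of the image."""
    with open(path, encoding="utf-8") as fh:
        return find_packages(json.load(fh), names)

if __name__ == "__main__":
    for name, info in find_packages(SAMPLE_DEPS, ["nuget.protocol", "nuget.common"]).items():
        print(name, info["version"], "required by", info["required_by"] or "nothing listed")
```

Compare the reported versions against the fixed versions named in the advisory for the CVE; the script itself makes no judgment about which versions are affected.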

abl-jakev commented 1 year ago

We are also running into this being flagged by our security scanner.

BaileyFirman commented 1 year ago

We are also seeing this; I haven't dug too deep but it looks like Debian's package repository doesn't have an updated version of NuGet yet so it may be blocked by that.